One of the most interesting statements I recently heard from the CEO of a large company was about the usefulness and necessity of GRC (Governance, Risk & Compliance) data. What value do they add at the board level?
lane wolf
Extensive Excel lists that show where problems could arise and where the organization does not have complete control over risks add little value. Also, complicated calculations that show potential losses or large fines only bring confusion, especially if they are difficult to comprehend and retrace.
Self-Confidence
The perspective of one’s personal theory, field, and goals prevails when it comes to creating as complete a risk-framework as possible. But how does that help the organization? And last but not least, how does it contribute to the CEO’s plans?
After 20 years of implementation, we can point out how critical it is to start with the following two questions: What does the CEO expect from GRC data? And how will this data help the CEO? If there are no clear answers, it is better to wait for your CEO to make a statement about it.
Questions to Ask Yourself
Which information is essential for the CEO and which is not? How should the information be presented and at what frequency? When should you escalate? What outcome does the CEO expect? What impact do you as a risk manager feel? When would the CEO/organization be best supported?
Attention
Many organizations employ risk managers, compliance officers, quality managers, CISOs, privacy officers, data protection officers, ICT security, auditors, business managers, process managers, security officers etc. – and each and every one of them works towards the goal of making the organization function better. All want attention from the organization and management. And all require information from the shop floor.
Don’t Become a Lone Wolf!
Where there are multiple parties involved, all with their own desires, it is important to avoid chaos from unfolding. Therefore, all information regarding GRC must be collected and organized before it is presented. After all, implementing GRC starts with support and coordination. This leads to clarity about the desired results and about how you and your colleagues want to approach this task as a team. Because lack of teamwork leads to becoming a lone wolf!
Feel free to request our implementation plan and make teamwork a piece of cake.
lane wolf